On 6/13/24 05:34, Wasser Mai wrote:
> Error: INTEGER_OVERFLOW (CWE-190):
> diffutils-3.10/lib/stackvma.c:198:23: tainted_data_return: Called
> function "read(fd, rof->buffer + rof->filled, size - rof->filled)",
> and a possible return value may be less than zero.
> diffutils-3.10/lib/stackvma.c:198:23: cast_overflow: An assign that
> casts to a different type, which might trigger an overflow.
> diffutils-3.10/lib/stackvma.c:213:23: overflow: The expression
> "rof->filled" is considered to have possibly overflowed.
> diffutils-3.10/lib/stackvma.c:198:23: overflow: The expression "size
> - rof->filled" is deemed overflowed because at least one of its
> arguments has overflowed.
> diffutils-3.10/lib/stackvma.c:198:23: overflow_sink: "size -
> rof->filled", which might have underflowed, is passed to "read(fd,
> rof->buffer + rof->filled, size - rof->filled)". [Note: The source
> code implementation of the function has been overridden by a builtin
> model.]
> # 196| for (;;)
> # 197| {
> # 198|-> n = read (fd, rof->buffer +
> rof->filled, size - rof->filled);
> # 199| if (n < 0 && errno == EINTR)
> # 200| goto retry;

As near as I can make out, this was the only defect report by Coverity that was not a false alarm. I installed the attached patch into Gnulib to fix the bug, which appears to be so unlikely that it's not worth losing sleep over.

Marking the diffutils bug as done since the other defect reports were false alarms.
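
The defect class Coverity traces above, sketched as an added example; it is not the Gnulib patch, which is not shown in this message. The `struct reader`, `unchecked_accumulate` and `fill` names are hypothetical, and the failing descriptor is constructed for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the reader state in the report (not Gnulib's struct). */
struct reader { char *buffer; size_t size; size_t filled; };

/* The flagged pattern: a negative read() result converted to size_t becomes
   a huge value. With filled == 0 and n == -1 the sum is SIZE_MAX, and the
   next "size - filled" wraps to size + 1, one byte more than the buffer holds. */
static size_t unchecked_accumulate(size_t filled, ssize_t n)
{
    return filled + (size_t) n;
}

/* Hardened fill loop: check the sign of n before it can reach 'filled'.
   Returns 0 on EOF or a full buffer, -1 on a read error (errno preserved). */
static int fill(int fd, struct reader *r)
{
    while (r->filled < r->size) {
        ssize_t n = read(fd, r->buffer + r->filled, r->size - r->filled);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted: retry, state unchanged */
            return -1;             /* real error: never add n to filled */
        }
        if (n == 0)
            break;                 /* EOF */
        r->filled += (size_t) n;   /* safe: 0 < n <= size - filled */
    }
    return 0;
}

int main(void)
{
    char buf[8];
    struct reader r = { buf, sizeof buf, 3 };
    int rc = fill(-1, &r);         /* constructed failure: invalid fd, EBADF */
    size_t wrapped = unchecked_accumulate(0, -1);
    return (rc == -1 && r.filled == 3 && wrapped == (size_t) -1) ? 0 : 1;
}
```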